ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022.

In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware. Among many other cases, we detected the infamous Sandworm group using a previously unknown wiper against an energy sector company in Ukraine. APT groups are usually operated by a nation-state or by state-sponsored actors; the described attack happened in October, in the same period as the Russian armed forces started launching missile strikes targeting energy infrastructure, and while we are not able to show those events were coordinated, it suggests that Sandworm and military forces of Russia have related objectives.

ESET researchers also detected a MirrorFace spearphishing campaign targeting political entities in Japan and noticed a gradual change in the targeting of some China-aligned groups – Goblin Panda started to duplicate Mustang Panda’s interest in European countries. Iran-aligned groups continued to operate at a high volume – besides Israeli companies, POLONIUM also started targeting foreign subsidiaries of Israeli companies, and MuddyWater probably compromised a managed security provider. In various parts of the world, North Korea-aligned groups used old exploits to compromise cryptocurrency firms and exchanges; interestingly, Konni has expanded the repertoire of languages it uses in its decoy documents to include English, which means it might not be aiming at its usual Russian and Korean targets. Additionally, we discovered a cyberespionage group that targets high-profile government entities in Central Asia; we named it SturgeonPhisher.

Malicious activities described in ESET APT Activity Report T3 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Research.

Countries, regions and verticals affected by the APT groups described in this report include:

Targeted countries and regions Targeted business verticals
Central Asia
Egypt
European Union
Hong Kong
Israel
Japan
Latvia
Poland
Saudi Arabia
Serbia
South Korea
Tanzania
Ukraine
United States
Blockchain-based solutions (Web3) developers
Cryptocurrency firms and exchanges
Defense
Energy industry
Engineering
Financial services
Gambling companies
Logistics
Managed security providers
Manufacturing
National and local governments
Political entities
Satellite communication companies

ESET APT Activity Reports contain only a fraction of the cybersecurity intelligence data provided in ESET APT Reports PREMIUM. For more information, visit the ESET Threat Intelligence website.

Follow ESET research on Twitter for regular updates on key trends and top threats.